Memory Leak Vulnerability in Linux Kernel Affecting TPM2 Sessions
CVE-2026-46096

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 27 May 2026

What is CVE-2026-46096?

A memory leak exists in the TPM2 sessions component of the Linux kernel. The tpm2_read_public() function initializes a buffer but does not release it on every exit path: it omits the call to tpm_buf_destroy() both when an unrecognized hash algorithm causes an error and on the success exit path. The leaked memory can increase memory usage and degrade system performance.
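
The leak pattern described above, next to a single-exit form that releases the buffer on every path, as an added userspace model (not the kernel's code or the upstream patch). `buf_init()`, `buf_destroy()`, `name_size()`, the `read_public_*` functions and the algorithm IDs are hypothetical stand-ins; `live_bufs` counts buffers that were initialized but never destroyed.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace stand-ins (hypothetical) for the kernel's buffer helpers. */
struct buf { unsigned char *data; };
static int live_bufs;            /* buffers initialized but not yet destroyed */

static int buf_init(struct buf *b) {
    b->data = calloc(1, 4096);
    if (!b->data) return -1;
    live_bufs++;
    return 0;
}
static void buf_destroy(struct buf *b) {
    if (b->data) { free(b->data); b->data = NULL; live_bufs--; }
}
/* Constructed algorithm IDs: only 0x000B is treated as recognized here. */
static int name_size(unsigned alg) { return alg == 0x000B ? 34 : -1; }

/* Leaky shape from the advisory: neither exit path destroys the buffer. */
int read_public_leaky(unsigned alg, unsigned char *name) {
    struct buf b;
    int n;
    if (buf_init(&b)) return -1;
    n = name_size(alg);
    if (n < 0) return -2;        /* error path: buffer never released */
    memcpy(name, b.data, n);
    return 0;                    /* success path: buffer never released */
}

/* Hardened shape: one exit label, so every path after init releases it. */
int read_public_fixed(unsigned alg, unsigned char *name) {
    struct buf b;
    int n, rc = 0;
    if (buf_init(&b)) return -1;
    n = name_size(alg);
    if (n < 0) { rc = -2; goto out; }
    memcpy(name, b.data, n);
out:
    buf_destroy(&b);
    return rc;
}

/* Returns how many buffers remain allocated after `calls` invocations. */
int leaked_after(int (*fn)(unsigned, unsigned char *), unsigned alg, int calls) {
    unsigned char name[64];
    int before = live_bufs;
    for (int i = 0; i < calls; i++) fn(alg, name);
    return live_bufs - before;
}
```
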

Affected Version(s)

Linux 20eda7c74b69fe9e1caf9b930a5c016bf8d755fa

Linux bda1cbf73c6e241267c286427f2ed52b5735d872 < 2f434be87e256fd58254f60ddf5d7d58e775ca0b

Linux bda1cbf73c6e241267c286427f2ed52b5735d872

Timeline

  • Vulnerability published

  • Vulnerability Reserved